-# function to interact with the host gnupg keyring
-gpg_host() {
- local returnCode
-
- GNUPGHOME="$GNUPGHOME_HOST"
- export GNUPGHOME
-
- # NOTE: we supress this warning because we need the monkeysphere
- # user to be able to read the host pubring. we realize this might
- # be problematic, but it's the simplest solution, without too much
- # loss of security.
- gpg --no-permission-warning "$@"
- returnCode="$?"
-
- # always reset the permissions on the host pubring so that the
- # monkeysphere user can read the trust signatures
- chgrp "$MONKEYSPHERE_USER" "${GNUPGHOME_HOST}/pubring.gpg"
- chmod g+r "${GNUPGHOME_HOST}/pubring.gpg"
-
- return "$returnCode"
+# edit key scripts, takes scripts on stdin, and keyID as first input
+gpg_host_edit() {
+ gpg_host --command-fd 0 --edit-key "$@"
+}
+
+# export the monkeysphere gpg pub key file
+update_gpg_pub_file() {
+ log debug "updating openpgp public key file '$HOST_KEY_FILE'..."
+ gpg_host --export --armor --export-options export-minimal > "$HOST_KEY_FILE"
+ log debug "updating fingerprint file '$HOST_KEY_FPR_FILE'..."
+ gpg_host --list-secret-key --with-colons --with-fingerprint \
+ | awk -F: '/^fpr:/{ print $10 }' > "$HOST_KEY_FPR_FILE"
+}
+
+host_fingerprints() {
+ local fprs=($(cat "$HOST_KEY_FPR_FILE"))
+
+ log debug "host key fingerprints:"
+ printf '%s\n' "${fprs[@]}" | log debug
+ printf '%s\n' "${fprs[@]}"
+}
+
+# check that the service name is well formed
+check_service_name() {
+ local name="$1"
+ log error "FIX ME: check service name"
+}
+
+# fail if host key not present
+check_no_keys() {
+ [ -s "$HOST_KEY_FILE" ] || [ -s "$HOST_KEY_FPR_FILE" ] \
+ || failure "You don't appear to have a Monkeysphere host key on this server.
+Please run 'monkeysphere-host import-key' import a key."
+}
+
+# key input to functions, outputs full fingerprint of specified key if
+# found
+check_key_input() {
+ local keyID="$1"
+ # array of fingerprints
+ local fprs=($(host_fingerprints))
+
+ case ${#fprs[@]} in
+ 0)
+ failure "You don't appear to have any Monkeysphere host keys.
+Please run 'monkeysphere-host import-key' to import a key."
+ ;;
+ 1)
+ :
+ ;;
+ *)
+ if [ -z "$keyID" ] ; then
+ failure "Your host keyring contains multiple keys.
+Please specify one to act on (see 'monkeysphere-host show-key')."
+ fi
+ ;;
+ esac
+ printf '%s\n' "${fprs[@]}" | grep "${keyID}$" \
+ || failure "Host key '$keyID' not found."